From: Patrick Farrell <paf@cray.com>
To: lustre-devel@lists.lustre.org
Subject: [lustre-devel] [PATCH] staging: lustre: ldlm: use designated initializers
Date: Mon, 19 Dec 2016 16:50:02 +0000
Message-ID: <CY4PR11MB175166F4D71AC6994081356BCB910@CY4PR11MB1751.namprd11.prod.outlook.com>
In-Reply-To: <alpine.LFD.2.20.1612191614320.25173@casper.infradead.org>

James,


This should be a purely syntactical change, to help out tools - for GCC, I'm pretty sure the meaning of { } and { NULL } are the same.  Also, I don't think struct randomization does what you're thinking.


Kees,


Is there anything written up on kernel struct randomization?  I was trying to find a talk/post from you or something from LWN, but I couldn't find something about this specifically.  (Probably because I can't find it among the other stuff that's been written up.)


- Patrick

________________________________
From: lustre-devel <lustre-devel-bounces@lists.lustre.org> on behalf of James Simmons <jsimmons@infradead.org>
Sent: Monday, December 19, 2016 10:22:58 AM
To: Kees Cook
Cc: devel at driverdev.osuosl.org; Greg Kroah-Hartman; linux-kernel at vger.kernel.org; Oleg Drokin; Vitaly Fertman; Bruce Korb; Emoly Liu; lustre-devel at lists.lustre.org
Subject: Re: [lustre-devel] [PATCH] staging: lustre: ldlm: use designated initializers


> Prepare to mark sensitive kernel structures for randomization by making
> sure they're using designated initializers. These were identified during
> allyesconfig builds of x86, arm, and arm64, with most initializer fixes
> extracted from grsecurity.
>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
>  drivers/staging/lustre/lustre/ldlm/ldlm_flock.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/lustre/lustre/ldlm/ldlm_flock.c b/drivers/staging/lustre/lustre/ldlm/ldlm_flock.c
> index 722160784f83..f815827532dc 100644
> --- a/drivers/staging/lustre/lustre/ldlm/ldlm_flock.c
> +++ b/drivers/staging/lustre/lustre/ldlm/ldlm_flock.c
> @@ -143,7 +143,7 @@ static int ldlm_process_flock_lock(struct ldlm_lock *req, __u64 *flags,
>        int added = (mode == LCK_NL);
>        int overlaps = 0;
>        int splitted = 0;
> -     const struct ldlm_callback_suite null_cbs = { NULL };
> +     const struct ldlm_callback_suite null_cbs = { };
>
>        CDEBUG(D_DLMTRACE,
>               "flags %#llx owner %llu pid %u mode %u start %llu end %llu\n",
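
Review bot: The replacement line `const struct ldlm_callback_suite null_cbs = { };` uses an empty initializer, not a designated one, so it does not match the subject line, and the changelog never states that the structure is still entirely zero-filled afterwards. Please either say in the commit message that `{ }` leaves every member NULL exactly as `{ NULL }` did (only the positional reference to the first member is dropped), or name a member explicitly, for example `{ .lcs_blocking = NULL }`, so the intent is visible at the declaration. Empty braces are also a GNU C extension before C23, which deserves a word in the changelog.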

Nak. Filling null_cbs with random data is a bad idea. If you look at
ldlm_lock_create() where this is used you have

if (cbs) {
        lock->l_blocking_ast = cbs->lcs_blocking;
        lock->l_completion_ast = cbs->lcs_completion;
        lock->l_glimpse_ast = cbs->lcs_glimpse;
}

Having lock->l_* point to random addresses is a bad idea.
What really needs to be done is proper initialization of that
structure. A bunch of patches will be coming to address this.
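
An added example, not code from the patch or from Lustre: a small C program that checks the two points debated in this message, namely that `{ }` and `{ NULL }` both leave every member NULL, and that only a designated initializer stays correct when member order changes. `struct suite`, `struct suite_shuffled` and `on_completion` are hypothetical stand-ins, and `{ }` is the same empty-braces form the patch uses (a GNU C extension before C23).

```c
#include <stddef.h>

typedef int (*cb_t)(void *);
static int on_completion(void *arg) { (void)arg; return 0; }

/* Hypothetical stand-in for struct ldlm_callback_suite, using the three
 * member names quoted in the thread; the real definition is not on the page. */
struct suite {
    cb_t lcs_completion;
    cb_t lcs_blocking;
    cb_t lcs_glimpse;
};

/* Same members in a different order, hand-shuffled here to stand in for a
 * build that randomizes structure layout. */
struct suite_shuffled {
    cb_t lcs_glimpse;
    cb_t lcs_blocking;
    cb_t lcs_completion;
};

#define ALL_NULL(s) \
    ((s).lcs_completion == NULL && (s).lcs_blocking == NULL && (s).lcs_glimpse == NULL)

/* Both spellings from the patch leave every member NULL: members without an
 * explicit initializer are zero-initialized, never left indeterminate. */
int empty_braces_all_null(void)    { const struct suite s = { };      return ALL_NULL(s); }
int null_positional_all_null(void) { const struct suite s = { NULL }; return ALL_NULL(s); }

/* A positional value binds to whichever member is declared first ... */
int positional_hits_completion(void)
{
    const struct suite_shuffled s = { on_completion };
    return s.lcs_completion == on_completion;   /* 0: it landed in lcs_glimpse */
}

/* ... while a designated value follows the member name. */
int designated_hits_completion(void)
{
    const struct suite_shuffled s = { .lcs_completion = on_completion };
    return s.lcs_completion == on_completion;   /* 1 */
}

int main(void)
{
    return !(empty_braces_all_null() && null_positional_all_null() &&
             !positional_hits_completion() && designated_hits_completion());
}
```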